> As for encrypting the fuseaction, the question is why not?
> Users can start throwing errors by trying different
> fuseaction calls. Which in turn could expose too much info
> if you don't have a site-wide error handler. The topic of
> this thread is securing CF apps. Although it may not be
> 100% necessary, it sure doesn't hurt. (minimal processing
> increase aside)

I would argue that attempting to obfuscate URLs may cause more harm than
good. Users can start throwing errors by trying anything within a URL,
whether you encrypt URL data or not. In addition, this adds a layer of
complexity to your environment that may make it more difficult for
administrators and developers to know what's going on. Finally, this may
make your code itself more fragile, and more likely to generate errors.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444